patch 9.2.0297: libvterm: can improve CSI overflow code

Problem:  libvterm: can improve CSI overflow code
Solution: Handle overflow cases better (Yasuhiro Matsumoto)

closes: #19903

Signed-off-by: Yasuhiro Matsumoto <[email protected]>
Signed-off-by: Christian Brabandt <[email protected]>

Author: mattn

src/libvterm/src/parser.c

@@ -230,12 +230,16 @@ size_t vterm_input_write(VTerm *vt, const char *bytes, size_t len)
     case CSI_ARGS:
       /* Numerical value of argument */
       if(c >= '0' && c <= '9') {
-        if(vt->parser.v.csi.args[vt->parser.v.csi.argi] == CSI_ARG_MISSING)
-          vt->parser.v.csi.args[vt->parser.v.csi.argi] = 0;
-        if(vt->parser.v.csi.args[vt->parser.v.csi.argi] < (CSI_ARG_MISSING - 9) / 10) {
-          vt->parser.v.csi.args[vt->parser.v.csi.argi] *= 10;
-          vt->parser.v.csi.args[vt->parser.v.csi.argi] += c - '0';
-        }
+        long arg_max = CSI_ARG_MISSING - 1;
+        long *arg = &vt->parser.v.csi.args[vt->parser.v.csi.argi];
+        int digit = c - '0';
+
+        if(*arg == CSI_ARG_MISSING)
+          *arg = 0;
+        if(*arg > (arg_max - digit) / 10)
+          *arg = arg_max;
+        else
+          *arg = *arg * 10 + digit;
         break;
       }
       if(c == ':') {

src/testdir/test_terminal3.vim

@@ -1232,8 +1232,9 @@ endfunc
 " Test that CSI sequences with more than CSI_ARGS_MAX arguments do not crash
 func Test_terminal_csi_args_overflow()
   CheckExecutable printf
-  let buf = term_start([&shell, &shellcmdflag,
-        \ 'printf "\033[' . repeat('1;', 49) . '1m"'])
+  let seq = "\033[" .. repeat('1;', 49) .. '1m'
+  let seq ..= "\033[1111111111111111111m"
+  let buf = term_start([&shell, &shellcmdflag, 'printf "' .. seq .. '"'])
 
   " If we get here without a crash, the fix works
   call assert_equal('running', term_getstatus(buf))

src/version.c

@@ -734,6 +734,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    297,
 /**/
     296,
 /**/